<?php
header('Content-type:text/html;charset=utf-8');

//包含配置文件
include '../../public/peizhi.php';

//包含函数库
include '../../public/func.php';

//调用函数
$link = db();

//接值
$uname = $_POST['username'];

$pwd = md5($_POST['pwd']);

//准备SQL语句
$sql = "select id,name,pass,qx from user where name='{$uname}'";

//执行SQL语句
$res = mysqli_query($link,$sql);

//判断是否是后台管理用户
//用户名是否正确
if($res && mysqli_num_rows($res)){
	$look = mysqli_fetch_assoc($res);
		//密码是否正确
		if($look['pass'] == $pwd){
			//是否具有权限
			if($look['qx'] == 2){
				//验证成功,数据存到cookie中,跳转到后台
				setcookie('uname',$look['name'],0,'/');
				setcookie('uid',$look['id'],0,'/');
				header('location:../admin.php');
			}else{
				//没有相应权限,返回登录页
				header('location:./login.php?error=3');
			}
		}else{
			//密码不正确,返回登录页
			header('location:./login.php?error=2');
		}
}else{
	//用户名不正确,返回登录页
	header('location:./login.php?error=1');
}






